re-lax samesite cookie policy

As per discussion in code review:

> Cookies are always scoped in browsers. That's not the issue. SameSite attribute just protects against CSRF attacks. But Get requests (aka links) are also "protected" with Strict, which breaks it… and for users that is highly confusing when they (apparently arbitrarily) do not get the language they have set before when clicking a link.

https://github.com/PrivateBin/PrivateBin/pull/1287#discussion_r1589299210

lib/Controller.php

@@ -178,7 +178,7 @@ class Controller
         // force default language, if language selection is disabled and a default is set
         if (!$this->_conf->getKey('languageselection') && strlen($lang) == 2) {
             $_COOKIE['lang'] = $lang;
-            setcookie('lang', $lang, array('SameSite' => 'Strict', 'Secure' => true));
+            setcookie('lang', $lang, array('SameSite' => 'Lax', 'Secure' => true));
         }
     }
 
@@ -389,7 +389,7 @@ class Controller
         $languageselection = '';
         if ($this->_conf->getKey('languageselection')) {
             $languageselection = I18n::getLanguage();
-            setcookie('lang', $languageselection, array('SameSite' => 'Strict', 'Secure' => true));
+            setcookie('lang', $languageselection, array('SameSite' => 'Lax', 'Secure' => true));
         }
 
         // strip policies that are unsupported in meta tag